Guest

Cisco ASA 5500-X Series Next-Generation Firewalls

Release Notes for the Cisco ASA Series, 9.3(x)

  • Viewing Options

  • EPUB (70.6 KB)
  • MOBI (104.3 KB)
  • PDF (237.8 KB)
  • Feedback

Table of Contents

Release Notes for the Cisco ASA Series, Version 9.3(x)

Important Notes

System Requirements

New Features

Upgrading the Software

Open Caveats

Resolved Caveats

End-User License Agreement

Related Documentation

Obtaining Documentation and Submitting a Service Request

Release Notes for the Cisco ASA Series, Version 9.3(x)

Released: July 24, 2014

 

This document contains release information for Cisco ASA software Version 9.3(1). This document includes the following sections:

Important Notes

  • WinNT AAA server was deprecated—In ASA Version 9.3, the WinNT AAA server is no longer supported.

System Requirements

For information about ASA/ASDM software and hardware requirements and compatibility, including module compatibility, see Cisco ASA Compatibility :

http://www.cisco.com/c/en/us/td/docs/security/asa/compatibility/asamatrx.html

For VPN compatibility, see the Supported VPN Platforms, Cisco ASA 5500 Series :

http://www.cisco.com/c/en/us/td/docs/security/asa/compatibility/asa-vpn-compatibility.html

New Features


NoteNew, changed, and deprecated syslog messages are listed in the syslog message guide.


Released: July 24, 2014

Table 1 lists the new features for ASA Version 9.3(1).

 

Table 1 New Features for ASA Version 9.3(1)

Feature
Description
Firewall Features

SIP, SCCP, and TLS Proxy support for IPv6

You can now inspect IPv6 traffic when using SIP, SCCP, and TLS Proxy (using SIP or SCCP).

We did not modify any commands.

Support for Cisco Unified Communications Manager 8.6

The ASA now interoperates with Cisco Unified Communications Manager Version 8.6 (including SCCPv21 support).

We did not modify any commands.

Transactional Commit Model on rule engine for access groups and NAT

When enabled, a rule update is applied after the rule compilation is completed; without affecting the rule matching performance.

We introduced the following commands: asp rule-engine transactional-commit , show running-config asp rule-engine transactional-commit , clear configure asp rule-engine transactional-commit

 

Remote Access Features

XenDesktop 7 Support for clientless SSL VPN

We added support for XenDesktop 7 to clientless SSL VPN. When creating a bookmark with auto sign-on, you can now specify a landing page URL or a Control ID.

We did not modify any commands.

 

Mobile Enablement Proxy

Mobile Enablement Proxy, a component of the ISE Mobile Enablement solution, allows off-premise mobile devices to participate in mobile device management in exactly the same way as on-premise mobile devices.

Note Mobile Enablement Proxy requires ISE support in an upcoming ISE release in early 2015.

We introduced the mdm-proxy command to enter config-mdm-proxy mode. In this new mode the following commands apply: authentication-server-group, accounting-server-group, password-management, trusttpoint, port, session-limit, session-timeout, and enable

 

AnyConnect Custom Attribute Enhancements

Custom attributes define and configure AnyConnect features that have not been incorporated into the ASA, such as Deferred Upgrade. Custom attribute configuration has been enhanced to allow multiple values and longer values, and now require a specification of their type, name and value. They can now be added to Dynamic Access Policies as well as Group Policies. Previously defined custom attributes will be updated to this enhanced configuration format upon upgrade to 9.3.x.

We introduced or modified the following commands: anyconnect-custom-attr , anyconnect-custom-data , and anyconnect-custom

 

AnyConnect Identity Extensions (ACIDex) for Desktop Platforms

ACIDex, also known as AnyConnect Endpoint Attributes or Mobile Posture, is the method used by the AnyConnect VPN client to communicate posture information to the ASA. Dynamic Access Polices use these endpoint attributes to authorize users.

The AnyConnect VPN client now provides Platform identification for the desktop operating systems (Windows, Mac OS X, and Linux) and a pool of MAC Addresses which can be used by DAPs.

We did not modify any commands.

 

TrustSec SGT Assignment for VPN

TrustSec Security Group Tags (SGT) can now be added to the SGT-IP table on the ASA when a remote user connects.

We introduced the following new command: security-group-tag value

 

High Availability Features

Improved support for monitoring module health in clustering

We added improved support for monitoring module health in clustering.

We modified the following command: show cluster info health

Platform Features

ASP Load Balancing

The new auto option in the asp load-balance per-packet command enables the ASA to adaptively switch ASP load balancing per-packet on and off on each interface receive ring. This automatic mechanism detects whether or not asymmetric traffic has been introduced and helps avoid the following issues:

  • Overruns caused by sporadic traffic spikes on flows
  • Overruns caused by bulk flows oversubscribing specific interface receive rings
  • Overruns caused by relatively heavily overloaded interface receive rings, in which a single core cannot sustain the load

We introduced or modified the following commands: asp load-balance per-packet auto , show asp load-balance per-packet , show asp load-balance per-packet history , and clear asp load-balance history

SNMP MIBs

The CISCO-REMOTE-ACCESS-MONITOR-MIB now supports the ASASM.

Interface Features

Transparent mode bridge group maximum increased to 250

The bridge group maximum was increased from 8 to 250 bridge groups. You can configure up to 250 bridge groups in single mode or per context in multiple mode, with 4 interfaces maximum per bridge group.

We modified the following commands: interface bvi , bridge-group

 

Routing Features

BGP support for ASA clustering

We added support for BGP with ASA clustering.

We introduced the following new command: bgp router-id clusterpool

 

BGP support for nonstop forwarding

We added support for BGP Nonstop Forwarding.

We introduced the following new commands: bgp graceful-restart, neighbor ha-mode graceful-restart

 

BGP support for advertised maps

We added support for BGPv4 advertised map.

We introduced the following new command: neighbor advertise-map

 

OSPF Support for Non-Stop Forwarding (NSF)

OSPFv2 and OSPFv3 support for NSF was added.

We added the following commands: capability, nsf cisco, nsf cisco helper, nsf ietf, nsf ietf helper, nsf ietf helper strict-lsa-checking, graceful-restart, graceful-restart helper, graceful-restart helper strict-lsa-checking


 

AAA Features

Layer 2 Security Group Tag Imposition

You can now use security group tagging combined with Ethernet tagging to enforce policies. SGT plus Ethernet Tagging, also called Layer 2 SGT Imposition, enables the ASA to send and receive security group tags on Gigabit Ethernet interfaces using Cisco proprietary Ethernet framing (Ether Type 0x8909), which allows the insertion of source security group tags into plain-text Ethernet frames.

We introduced or modified the following commands: cts manual , policy static sgt , propagate sgt , cts role-based sgt-map , show cts sgt-map , packet-tracer , capture , show capture , show asp drop , show asp table classify , show running-config all , clear configure all , and write memory

 

Removal of AAA Windows NT domain authentication

We removed NTLM support for remote access VPN users.

We deprecated the following command: aaa-server protocol nt

 

Monitoring Features

Monitoring Aggregated Traffic for Physical Interfaces

The show traffic command output has been updated to include aggregated traffic for physical interfaces information. To enable this feature, you must first enter the sysopt traffic detailed-statistics command.

Open Caveats

Table 2 contains open caveats.

If you are a registered Cisco.com user, view more information about each caveat using the Bug Search at the following website:

https://tools.cisco.com/bugsearch

 

Table 2 Open Caveats in ASA Version 9.3

Caveat
Description

CSCul52907

rewriter: delete statement is not rewritten correctly

CSCun28412

BGP L3 cluster: Socket is not open for gig int with unit rejoin

CSCun47835

BGP:NSF stale bgp routes are present on standby for long time

CSCup13455

BGP Hard Reset results in traffic drop as BGP tables not getting built

CSCup13549

BGP reconvergence takes longer in 9.3.1 than 9.2.1

CSCup42895

WEBVPN: HREF tag is not mangled properly on JQuery UI Demos mirror

CSCup45674

ASA with 1000 vlan sub interface configured will have 13% drop from 8.4

CSCup55551

BGP traffic does not recover after link failure and recovery

CSCup65527

SCCP IPv6 Phone on the DMZ network does not hear MOH on call hold

CSCup65754

BGP: ASA allowes to delete route-map attached to advertise map

CSCup82589

9.3.1: 5585-60 AnyConnect TLS Throughput down ~5-8%, high variability

Resolved Caveats

Table 3 contains resolved caveats in ASA Version 9.3(1).

If you are a registered Cisco.com user, view more information about each caveat using Bug Search at the following website:

https://tools.cisco.com/bugsearch

 

Table 3 Resolved Caveats in ASA Version 9.3(1)

Caveat
Description

CSCsk87165

ENH - Add device serial number and platform string to show run output

CSCsm81086

Allow user to exclude the status of the SSM or SSP from failover checks

CSCsw79856

'LU allocate xlate failed' syslog should include more data

CSCsz39633

Double auth not triggered if using secondary-aaa-server per interface

CSCtb71323

Cisco ASA Webtype ACL By-Pass Vulnerability

CSCtc18329

ACL renamed but syslog doesn't reflect new name

CSCtc61848

ENH - show traffic should include packet size distribution and flow info

CSCtd14339

block and chunk data needs to be included at beginning of crashinfo

CSCtf39306

show blocks exhaustion snapshot only takes single snapshot

CSCtj51276

Implement a syslog to indicate the version of the anyConnect client

CSCtk66541

ENH: ASA drops ICMP Error Reply for uni-directional SCTP Traffic

CSCtn30286

DHCP Relay needs to handle DHCPREQUEST differently

CSCtx55340

Easy VPN Remote not re-establishing nem-st-autoconnect setting changed

CSCty28878

ASA SSLVPN/DTLS: Copy inner packet TOS field to outer header

CSCtz92586

A warning message is needed when a new encryption license is applied

CSCub05888

Asa 5580-20: object-group-search access-control causes failover problem

CSCub13208

ASA transparent mode should support 'inspect icmp error'

CSCuc39071

AC Script/customi:no 'linux-64' option(maybe it should be 'freeform'?)

CSCuc80975

ASA5500-x: "speed nonegotiate" command not available for fiber interface

CSCud24785

Slow throughput of AnyConnect client w/DTLS compared to IPSec IKEv1

CSCue51351

ASA: Huge NAT config causes traceback due to unbalanced p3 tree

CSCue87407

DNS: Inspection drops non in-addr.arpa PTR queries

CSCug14102

Need Syslog containing assigned IP address for AnyConnect IKEv2

CSCug18734

ENH: Citrix Receiver proxy on ASA support for backend Storefront server

CSCug51755

ICMP destination unreachable for L2TP PMTU error not sent to server

CSCug87445

SVC_UDP Module is in flow control with a SINGLE DTLS tunnel

CSCuh01570

Dropped packets/Retries/Timeout on applying a huge ACL on existing acl

CSCuh61321

AC 3.1:ASA incorrectly handles alternate DTLS port,causes reconnect

CSCuh79288

ASA 9.1.2 DHCP - Wireless Apple devices are not getting an IP via DHCPD

CSCui30677

ENH - SCP Support on the ASA

CSCui44095

ASA 9.1: timer app id was corrupted causing to Dispatch Unit traceback

CSCui53710

ACL Migration to 8.3+ Software Unnecessarily Expands Object Groups

CSCui56863

ASA may reload with traceback in Thread Name: vpnfol_thread_msg

CSCui63001

ASA traceback in Thread Name: fover_parse during command replication

CSCui79979

ASA 9.1.2 - Traceback in Thread Name: fover_parse during configuration

CSCui82751

%ASA-6-113005 should contain IP that initiated failed auth attempt

CSCui95392

WebVPN portal page misses large title after portal redesign

CSCuj26816

ENH - ASA and AAA Operations

CSCuj35576

ASA OSPF route stuck in database and routing table

CSCuj45406

ASA: Page fault traceback with 'show dynamic-filter dns-snoop detail'

CSCuj68420

ASA SMR: Multicast traffic for some groups stops flowing after failover

CSCuj83344

ASA cifs share enumeration DOS vulnerability

CSCuj98221

IDFW: user-group is not deactivated even if IDFW ACL is removed

CSCul00624

ASA: ARP Fails for Subinterface Allocated to Multiple Contexts on Gi0/6

CSCul02052

ASA fails to set forward address in OSPF route redistrubution

CSCul05079

ASA Memory usage in a context rises

CSCul07504

CWS: ASA forwards HTTPS packets to CWS tower in wrong sequence

CSCul16778

vpn load-balancing configuration exits sub-command menu unexpectedly

CSCul22237

ASA may drop all traffic with Hierarchical priority queuing

CSCul25576

ASA: Page fault traceback after running show asp table socket

CSCul28082

ASA traceback in Thread Name: DATAPATH due to double block free

CSCul33381

ASA 5505 SIP packets may have extra padding one egress of 5505

CSCul34143

ENH: Need to optimize messages printed on upgrade from 8.2- to 8.3+

CSCul34702

ASA Unicorn rewriter memory corruption

CSCul37560

ASA traceback when uploading an image using FTP

CSCul46000

2048 byte block depletion with Smart-Tunnel Application

CSCul46971

ASA Transparent mode doesn't pass DHCP discover message

CSCul47395

ASA should allow out-of-order traffic through normalizer for ScanSafe

CSCul49796

ASA Tranparent A/A - Replicated MAC addresses not deleted after timeout

CSCul52942

ASA failover cluster traceback when replicating the configuration

CSCul55863

ASA with ICMP insp. drops replies with 'seq num not matched' code

CSCul60058

Case sensitivity check missing for Web Type ACL and Access-group

CSCul60950

IPSEC VPN - One crypto ACE mismatch terminates all Phase2 with that peer

CSCul61545

ASA Page Fault Traceback in 'vpnfol_thread_msg' Thread

CSCul62357

ASA fails to perform KCD SSO when web server listens on non-default port

CSCul64980

Acct-stop for VPN session doesn't send out when failover occurred

CSCul65863

ASA IGMP receiver-specific filter blocks all multicast receivers

CSCul67705

ASA sends RST to both ends when CX policy denies based on destination IP

CSCul68338

WEBVPN IE 11: CIFS bookmarks showing with unicode

CSCul68363

EIGRP: Auth key with space replicates to Secondary with no space

CSCul69592

ASA:Webvpn character encoding instructions unclear

CSCul70062

Capture Isakmp w/ match statement cause Standby to reload at replication

CSCul70712

ASA: ACL CLI not converting 0.0.0.0 0.0.0.0 to any4

CSCul73785

WEBVPN multiple issues with LMS application

CSCul74286

ASA: Phy setting change on member interfaces not seen on port-channel

CSCul77465

BPDUs on egress from ASA-SM dropped on backplane

CSCul83331

Redundant IFC not Switching Back

CSCul94773

ASA TCP Proxy can corrupt data, cause ACK storms and session hangs

CSCul96580

ASA tears down SIP signaling conn w/ reason Connection timeout

CSCul96864

ASA translates the source address of OSPF hello packets

CSCul98420

'Route-Lookup' Behavior Assumed for Twice NAT with Identity Destination

CSCum00360

ASA - DHCP Discover Sent out during boot process

CSCum00826

ASA reloads on Thread name: idfw_proc

CSCum01313

ASA drops DHCP Offer packet in ASP when nat configured with "Any"

CSCum06272

ASA reloads due to SSL processing

CSCum11724

secondary standby looses his cluster license after upgrade to 8.4.(7.3)

CSCum12633

webvpn issue,part of the http request not sent by the client to ASA

CSCum16576

ASA not allowing AC IKEv2 Suite-B with default Premium Peer license

CSCum16787

SSH: ASA 9.1.3 rare traceback observed during ping command

CSCum23018

ASA traceback with Thread Name: IKE Common thread

CSCum24634

IKEv1 - Send INVALID_ID_INFO when received P2 ID's not in crypto map

CSCum26955

Webvpn: Add permissions attribute to portforwarder jar file

CSCum26963

Webvpn: Add permissions attribute to mac smart-tunnel jar

CSCum28756

ASA: Auth failures for SNMPv3 polling after unit rejoins cluster

CSCum32334

WebVPN: ASA webVPN fails to rewrite dynamic content of pubmed website

CSCum35118

ASA:Traceback in Thread Name: DATAPATH-23-2334

CSCum37080

Traceback in IKEv2 Daemon with AnyConnect Failure

CSCum39328

uauth session considered inactive when inspect icmp is enabled

CSCum39333

idle time field is missing in show uauth output

CSCum47174

WebVPN configs not synchronized when configured in certain order-v3

CSCum51780

Problem configuring QOS priority with user-statistic on same policy-map

CSCum54163

IKEv2 leaks embryonic SAs during child SA negotiation with PFS mismatch

CSCum56003

Smart-tunnel for windows-Liveconnect exception-JRE 1.7u51

CSCum60784

ASA traceback on NAT assert on file nat_conf.c

CSCum63417

ASA should not allow interface MTU config greater than 9202/9198

CSCum65278

ASA 5500-X: Chassis Serial Number missing in entity MIB

CSCum68923

Webvpn: connecting to oracle network SSO returns error

CSCum68951

Webvpn: web applications that may refresh a page with "#" fail

CSCum69144

HTTP redirect to the VPNLB address using HTTPS fails in 9.1.4/9.0.4.x

CSCum70178

Datapath:Observing Deadlock in different DATAPATH threads

CSCum72854

Traffic does not hit Twice NAT configured after Static PAT

CSCum75214

ASA5585-SSP60 Teardown process is delayed under heavy traffic condition

CSCum75871

Traceback on standby ASASM when executing the failover active command

CSCum76734

ASA Backup scansafe tower is never polled

CSCum80899

ASA: Watchdog traceback in Unicorn Admin Handler with TopN host stats

CSCum82760

ASA traceback in Unicorn Admin Handler

CSCum82840

ASA: Traceback in pix_flash_config_thread when upgrading with names

CSCum84247

ASA - VPN session leak for IKEv2 if L2L sessions land on RA tunnel group

CSCum85047

Traceback in Thread: IPsec message handler with rip-tlog_event_allocate

CSCum85858

ASA Cluster: Unable to stop captures on CCL in a context

CSCum86538

SunRPC GETPORT Reply dropped when two active sessions use same xid

CSCum89182

show cluster info goid output needs formatting

CSCum91360

Aborted AnyConnect Authentications can cause resource leak

CSCum92080

Sourcefire Defense Center not able to be rendered via Clientless SSL VPN

CSCum93731

ASA 9.1.3 SNMP Traceback in Thread Name: SNMP

CSCum94542

Traceback in Thread Name: ci/console

CSCum95843

IKEv2 routes not installed if Dynamic and Static Crypto Map Match

CSCum96204

ASA cluster - RSA key size 4096 bits is not replicated cluster members

CSCun04658

Assigned IP in show vpn-sessiondb anyconnect is missing.

CSCun07943

Windows ICMP based Tarceroute through ASA faling

CSCun08017

ASA WebVPN memory leak - blank portal page

CSCun09515

capture option to be provided to collect pcap frm node other than master

CSCun10189

Ping doesn't work between peer IPs when answer-only is configured

CSCun10844

Java rewriting takes too much time

CSCun11323

ASA: Traceback in aware_http_server_thread after upgrade

CSCun12838

ASA Traceback in DATAPATH-1-1400 with error message shrlock_join_domain

CSCun15560

ASA-IC-6GE-SFP-C SFP port doesn't come up

CSCun16022

ASA traceback in Thread Name: IKE Daemon: with CX redirect in place.

CSCun16067

DAP creates dynamic ACLs even if single ACL selected.

CSCun17705

Regex modification within context causes ASA traceback

CSCun19025

ASA WebVPN login page XSS vulnerability

CSCun20457

ASA 9.1.x should accept RIP V1 updates

CSCun21186

ASA traceback when retrieving idfw topn user from slave

CSCun23552

XenDeskTop7:cannot relogin to StoreFront ineterface after logoff

CSCun25386

Anyconnect: Split-Tunnel dose not work with subnet 0.0.0.0/1

CSCun25809

AnyConnect Password Management Fails with SMS Passcode

CSCun28999

When long line is entered on cli, all chars > 510 silentl y discarded

CSCun31725

ASA using IKEv2 rejects multiple NAT_DETECTION_SOURCE_IP payloads

CSCun32324

ASA Cluster ICMP with PAT not functional on reload

CSCun32388

ASA 5585 cluster indicating SSM card down but no SSM module

CSCun32897

Data path: ASA traceback in CTM message handler

CSCun40620

ASA IPSec - DNS reply for RA client dropped when LZS compression enabled

CSCun41702

L2TP/IPSec connection is failed when there is PAT router.

CSCun41817

Hash calculated for multiple ACEs on ASA are same

CSCun41818

ASA: Traceback in thread Name: DATAPATH-1-2581

CSCun43082

ASA Tears Down Connections With Reason of 'snp_drop_none'

CSCun44108

Unable to access webvpn portal when CSD and IE content advisor enabled.

CSCun44541

ASA cut a part of credential data during cut-thru proxy authentication

CSCun45520

Cisco ASA DHCPv6 Denial of Service Vulnerability

CSCun48868

ASA changes to improve CX throughput and prevent unnecessary failovers

CSCun59095

ASDM interface graph showing bogus values in S/W and H/W output queue

CSCun59657

ASA-SM not sending SNMP traps with 9.0.4

CSCun61466

terminal width command is deleted when removing other context

CSCun66161

5585-20 8.4.7.11 traceback in Thread Name Datapath w/ DCERPC inspection

CSCun66306

IDM/IME/File Transfer Slow For Certain Source and Destination IP Pairs

CSCun69669

Posture assement failing after HS upgrade to 3.1.05152

CSCun71016

OSPFv3 route stuck in routing table after failover

CSCun71586

MEMLEAK: 128 byte leaks when requesting IPv6 address for AnyConnect

CSCun75965

Name for IPv6 address causes objects to became empty after reload

CSCun78551

Cisco ASA Information Disclosure Vulnerability

CSCun81982

Packet-tracer showing incorrect result for certain NAT configurations

CSCun83186

Nameif command not allowed on TFW multimode ASA with clustering

CSCun85465

'ASA modifies Request Host Part under 'ACK' packet for SIP connection'

CSCun86984

ASA 5505 u-turned/hairpinned conn counts toward license local-host limit

CSCun88276

High CPU with IKE daemon Process

CSCun95075

ASA drops packet due to nat-no-xlate-to-pat-pool after removing NAT rule

CSCun96170

ASA 8.4.6: Traceback with fover_FSM_thread

CSCuo00627

Saleen copper module port speed/duplex changes ineffective

CSCuo02948

To the box traffic dropped due to vpn load-balancing (mis)configuration

CSCuo03555

SNMP: cpmCPUTotal5sec/1min/5min return "0"

CSCuo03569

VPN client firewall and split-tunneling mishandle "inactive" acl rules

CSCuo04965

Clientless scrollbar on right hand side of the screen doesn't render

CSCuo05186

ASA 9.1 DMA Memory exhaustion in 240 binsize

CSCuo08511

ASA 9.0.4.1 traceback in webvpn datapath

CSCuo09383

ASA WebVPN Memory leak leading to Blank Portal Page/AnyConnect failure

CSCuo10869

VPN-filter ACL drops all traffic after upgrade for pre 8.3 to 9.x

CSCuo11057

IPsec transform sets mode changes from transport to tunnel after editing

CSCuo11867

CSCub92315 fix is incomplete

CSCuo14701

Interop: relax PrintableString encoding enforcement in PKI

CSCuo19916

ASA - Cut Through Proxy sends empty redirect w/ Virtual HTTP and Telnet

CSCuo23892

ASA SIP Inspect:'From: header' in the INVITE not NATed for outbound flow

CSCuo26501

ASA: Traceback in Thread Name: Dispatch Unit when enable debug ppp int

CSCuo26632

ASA SSLVPN OWA 2007: Unable to attach files >= 1 MB with KCD enabled

CSCuo27866

Traceback on DATAPATH-7-1524 Generating Botnet Filter Syslog

CSCuo32369

ASA WebVPN Rewriter: CSCOGet_location Improperly Pulls Full Web Address

CSCuo33186

Traceback with thread DATAPATH-2-1181

CSCuo44216

ASA traceback (Page fault) during xlate replication in a failover setup

CSCuo46136

ASA does not relay BOOTP packets

CSCuo49385

Multicast - ASA doesn't populate mroutes after failover

CSCuo54393

ASA: HTTP searchPendingOrders.do function failing over WebVPN

CSCuo54448

WebVPN capture causes conflict with other capture types

CSCuo58411

ASA IKEv2 "Duplicate entry in tunnel manager" (post 9.1.5)

CSCuo60435

ASA: Webvpn using incorrect password for auto-signon with Radius/OTP

CSCuo61372

ASA doesn't send invalid SPI notify for non-existent NAT-T IPSec SA

CSCuo63172

ASA 9.1.(3)4 Memory Leak in KCD

CSCuo64803

ASA Rewriter does not support encoded values for characters like " ' "

CSCuo70963

WebVPN: Javascript rewrite issue with Secret Server Application

CSCuo73792

ASA 9.x Management Port-Channel Cannot configure management-only in TFW

CSCuo78285

Firewall may crash while clearing the configuration

CSCuo78892

Traceback when using IDFW ACL's with VPN VPN Filters

CSCuo82612

5585-20 9.2.1 Traceback in Thread Name: DATAPATH-1-1567

CSCuo84225

CIFS drag & drop not working with remote file explorer over webvpn

CSCuo88253

ASA NAT: Some NAT removed after upgrade from 8.6.1.5 to 9.x

CSCuo89924

Giaddr to be set to the address of interface facing the client.

CSCuo91763

ASA allows to empty an access-list referenced elsewhere

CSCuo95074

ASA - crash in SSL Client compression in low memory conditions

CSCuo95602

Standby ASA traceback on Fover_Parse with Botnet Filter

CSCuo97036

show vpn load-balancing shows Public addr as Cluster IP addr for Master

CSCuo99186

Inconsistencies seen while sending warmstart trap on reload

CSCup00433

Failover Standby unit has higher memory utilization

CSCup01676

ASA: Crash in DATAPATH

CSCup05772

Snmp-server hosts entries are lost when upgrading from 9.1(4) to 9.1(5)

CSCup07447

ASA WebVPN: Script error when using port-forwarding

CSCup08262

9.0(4)5 - Unable to access internal site via clientless SSLVPN

CSCup08912

ASA SSLVPN Java plugins fail through proxy with Connection Exception

CSCup09236

L2TP/IPsec fragmentation change causing ICMP-PMTU being sent

CSCup09881

show webvpn kcd Error code 2 (ERROR_FILE_NOT_FOUND)

CSCup09958

ASA: Webvpn Clientless - certificate authentication fails intermittently

CSCup13265

ASA - Traceback in thread name: sch_prompt anonymous reporting

CSCup16512

ASA traceback in Thread Name : Checkheaps when snmp config is cleared

CSCup16860

IKEv2 DPD is sent at an interval not correlating to the specified value

CSCup24465

Jumbo frame calculations are incorrect or hard coded

CSCup26021

TCP intercept does not work after embryonic connection ends

CSCup26347

ASA Panic: CP Processing - ERROR: shrlock_join_domain

CSCup32973

ASA EIGRP does not reset hold time after receiving update

CSCup33868

ASA doesn't apply vpn-filter if group policy is assigned by Cisco VSA 25

CSCup36543

WebVPN Problem- icons missing, buttons not working

CSCup40357

SNMP: Unable to verify presence of second power supply in ASA 5545

CSCup44564

Remove Comment in Cookie

CSCup47885

ASA: Page fault traceback in DATAPATH when DNS inspection is enabled

CSCup48772

ASA - Wrong object-group migration during upgrade from 8.2

CSCup48979

ASA - Permitting/blocking traffic based on wrong IPs in ACL

CSCup50857

ASA traceback in thread name idfw_adagent

CSCup54184

ASA Overwrite any file on WebVPN RAMFS

CSCup59017

ASA with ACL optimization crashing in "fover_parse" thread

End-User License Agreement

For information on the end-user license agreement, go to:

http://www.cisco.com/go/warranty

Related Documentation

For additional information on the ASA, see Navigating the Cisco ASA Series Documentation :

http://www.cisco.com/go/asadocs

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, using the Cisco Bug Search Tool (BST), submitting a service request, and gathering additional information, see What’s New in Cisco Product Documentation at: http://www.cisco.com/c/en/us/td/docs/general/whatsnew/whatsnew.html .

Subscribe to What’s New in Cisco Product Documentation , which lists all new and revised Cisco technical documentation, as an RSS feed and deliver content directly to your desktop using a reader application. The RSS feeds are a free service.